EP4285258A4 - Automated extraction and classification of malicious indicators - Google Patents

Automated extraction and classification of malicious indicators

Info

Publication number
EP4285258A4
Authority
EP
European Patent Office
Prior art keywords
classification
automated extraction
malicious
indicators
malicious indicators
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22760232.3A
Other languages
German (de)
English (en)
Other versions
EP4285258A1 (fr)
Inventor
Janos Szurdi
Daiping Liu
Jun Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Palo Alto Networks Inc
Original Assignee
Palo Alto Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Palo Alto Networks Inc
Publication of EP4285258A1
Publication of EP4285258A4
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/12 Protecting executable software
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N 20/00 Machine learning
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N 5/00 Computing arrangements using knowledge-based models
    • G06N 5/02 Knowledge representation; Symbolic representation
    • G06N 5/022 Knowledge engineering; Knowledge acquisition
    • G06N 5/025 Extracting rules from data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Computational Linguistics (AREA)
  • Technology Law (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Multimedia (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
EP22760232.3A 2021-02-25 2022-02-17 Automated extraction and classification of malicious indicators Pending EP4285258A4 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/185,760 US11882130B2 (en) 2021-02-25 2021-02-25 Automated extraction and classification of malicious indicators
PCT/US2022/016823 WO2022182568A1 (fr) 2021-02-25 2022-02-17 Automated extraction and classification of malicious indicators

Publications (2)

Publication Number Publication Date
EP4285258A1 (fr) 2023-12-06
EP4285258A4 (fr) 2024-07-17

Family

ID=82901172

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22760232.3A Pending EP4285258A4 (fr) 2021-02-25 2022-02-17 Automated extraction and classification of malicious indicators

Country Status (5)

Country Link
US (2) US11882130B2 (fr)
EP (1) EP4285258A4 (fr)
JP (1) JP2024512266A (fr)
CN (1) CN117242446A (fr)
WO (1) WO2022182568A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11882130B2 (en) * 2021-02-25 2024-01-23 Palo Alto Networks, Inc. Automated extraction and classification of malicious indicators
US20220385684A1 (en) * 2021-06-01 2022-12-01 Cytwist Ltd. Artificial intelligence cyber identity classification
US12088633B2 (en) * 2021-09-30 2024-09-10 Hewlett Packard Enterprise Development Lp Dynamic intrusion detection and prevention in computer networks
US12058156B2 (en) * 2022-03-29 2024-08-06 Edgehawk Security Ltd. System and method for detecting and mitigating port scanning attacks
US20230319106A1 (en) * 2022-04-04 2023-10-05 Proofpoint, Inc. Machine learning uniform resource locator (url) classifier
US11843618B1 (en) 2022-05-15 2023-12-12 Uab 360 It Optimized analysis for detecting harmful content
US12038993B1 (en) * 2023-01-31 2024-07-16 Splunk Inc. Techniques for showing matched URLs for a URL grouping rule

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170187741A1 (en) * 2015-12-24 2017-06-29 Philip Desch Systems and methods for prioritizing indicators of compromise
US20190268305A1 (en) * 2018-02-28 2019-08-29 Palo Alto Networks, Inc. Identifying security risks and enforcing policies on encrypted/encoded network communications
US20190372999A1 (en) * 2018-05-30 2019-12-05 Bank Of America Corporation Dynamic Cyber Event Analysis and Control

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10298602B2 (en) 2015-04-10 2019-05-21 Cofense Inc. Suspicious message processing and incident response
US10135862B1 (en) 2015-12-04 2018-11-20 Amazon Technologies, Inc. Testing security incident response through automated injection of known indicators of compromise
US10778702B1 (en) 2017-05-12 2020-09-15 Anomali, Inc. Predictive modeling of domain names using web-linking characteristics
US11611583B2 (en) 2018-06-07 2023-03-21 Intsights Cyber Intelligence Ltd. System and method for detection of malicious interactions in a computer network
US11522874B2 (en) 2019-05-31 2022-12-06 Charter Communications Operating, Llc Network traffic detection with mitigation of anomalous traffic and/or classification of traffic
US20220027428A1 (en) * 2020-07-23 2022-01-27 Bank Of America Corporation Security system for adaptive targeted multi-attribute based identification of online malicious electronic content
US11882130B2 (en) * 2021-02-25 2024-01-23 Palo Alto Networks, Inc. Automated extraction and classification of malicious indicators

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2022182568A1 *

Also Published As

Publication number Publication date
JP2024512266A (ja) 2024-03-19
US20220272109A1 (en) 2022-08-25
EP4285258A1 (fr) 2023-12-06
CN117242446A (zh) 2023-12-15
US20240031383A1 (en) 2024-01-25
US11882130B2 (en) 2024-01-23
WO2022182568A1 (fr) 2022-09-01

Similar Documents

Publication Publication Date Title
EP4285258A4 (fr) Automated extraction and classification of malicious indicators
IL270093B (en) Electromagnetic sensing and detection of implantable event markers
EP3544509A4 (fr) Automated detection and identification of ghosts
EP3654186C0 (fr) Automated identification of the state of a device and resulting dynamic modification of device operations
EP3602007A4 (fr) Device and method for detecting and classifying pathogens
DE112020001597A5 (de) Automatic detection and classification of adversarial attacks
EP3415897C0 (fr) Computer-implemented method for detecting and handling alarm conditions in a field
IL248851A0 (en) A method of sorting and/or processing waste and processed material produced by it
FI3842545T3 (fi) Compositions and methods for improving sample identification in indexed nucleic acid libraries
EP2932467A4 (fr) Method for detecting counterfeits and identifying tablets
EP3245583A4 (fr) Electronic device and method for processing information in an electronic device
GB202214404D0 (en) Automated malware monitoring and data extraction
HK1220278A1 (zh) System and method for enhanced detection of fraudulent electronic transactions
HK1218164A1 (zh) Security inspection equipment and radiation detection method
GB202300449D0 (en) Terrain-based automated detection of well pads and their surroundings
SG11202001454WA (en) Social content risk identification method and device and equipment
HK1251870A1 (zh) A fingerprint acquisition method and terminal
PL3697623T4 (pl) Secured documents and methods for producing them
IL264071A (en) Method and system for object classification
SG10201601905RA (en) Extract And Method of Extraction
PL3287078T3 (pl) Method for processing information on tissue morphology and elasticity and device for detecting elasticity
ZA201805393B (en) Methods and systems for automated identification of agro-climatic zones
EP3690680A4 (fr) System for automated tuning and analysis of security systems
ZA201802811B (en) Self-adaptive identification method of identifying negotiable instrument and device
ZA201904138B (en) Method of detection and extracting metals from ore-bearing slurry

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230901

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20240618

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/40 20220101ALI20240612BHEP

Ipc: G06F 21/55 20130101ALI20240612BHEP

Ipc: G06F 21/00 20130101ALI20240612BHEP

Ipc: G06F 16/35 20190101ALI20240612BHEP

Ipc: G06F 16/28 20190101ALI20240612BHEP

Ipc: G06F 21/56 20130101AFI20240612BHEP